Re: openssl 0.9.8 with fips - Openssl

This is a discussion on Re: openssl 0.9.8 with fips - Openssl ; Beth E. Okun wrote:
> Hi,
>
> I'm wondering about integrating fips into openssl-0.9.8g. We were
> previously using openssl-0.9.7m, and have noted that the fips1.0
> directory is absent in the 0.9.8g release, and also that the
> ...

Re: openssl 0.9.8 with fips

Beth E. Okun wrote:
> Hi,
>
> I'm wondering about integrating fips into openssl-0.9.8g. We were
> previously using openssl-0.9.7m, and have noted that the fips1.0
> directory is absent in the 0.9.8g release, and also that the
> "./Configure" script does not contain any of the fips functionality.
>
> I did note in some of the documentation that there is an
> openssl-0.9.8 fips build, I'm wondering if this is currently
> validated? Also, is this a build that anyone can download?
>
> Thank you so much for your time.
>
> Sincerely,
>
> Beth E. Okun

Note that the OpenSSL FIPS Object Module (the special validated code) is
*not* contained in each and every version of standard OpenSSL. It can't
be, because a key aspect of the FIPS 140-2 voodoo is that validated
software cannot change at all, and of course the regular OpenSSL
releases do change. The FIPS Object Module also has but a small subset
of the functionality of regular OpenSSL. It is a separate and distinct,
and very specialized, entity.

Because the FIPS Object Module has limited functionality, few will want
to use it directly. Instead it is designed to be used in conjunction
with certain "FIPS capable" versions of the full OpenSSL product. The
FIPS Object Module provides the validated low level cryptography while
the FIPS capable OpenSSL provides the familiar OpenSSL API, internally
redirecting as appropriate to the FIPS Object Module.

So you want the validated FIPS Object Module v.1.2, which won't be
available for a month (or two, or three...) and a FIPS capable 0.9.8
OpenSSL. There is (will be) only one version of the former, while the
"FIPS capable" support will be carried forward in future 0.9.8 releases.